Building containerized software that runs on Kubernetes platforms like Red Hat OpenShift Cloud Platform is the hot trend in software development. Everyone is building containers, but the technology is new enough that best practices and certifications are still being developed. IBM specializes in providing software for enterprises. An example of this software is IBM Cloud Paks, which facilitate transformation—a faster, more reliable way to build, move and manage solutions on the cloud. While containerizing its software, IBM has leveraged its history of building enterprise solutions and coalesced many best practices into a certification program.
This certification program was initially created for IBM-produced software, but enterprise customers also require a rich ecosystem of software to create a complete solution. Now IBM has taken the next step and made a container certification available to partners of IBM Cloud Paks. This allows IBM and partners to go to market together and provide enterprise customers a high level of confidence in the quality of the software they are using.
We're pleased to announce that RapidBIZ from VACAVA has met the Certified for IBM Cloud Paks criteria!
"We found the Certified for IBM Cloud Paks program extremely valuable in ensuring our software and applications built with RapidBIZ meets the quality expectations of enterprises “ said Terry Bird, VACAVA CEO. “Our customers benefit by having a complete development environment and the ability to create and deploy applications quickly in the RapidBIZ environment - meeting all the certification criteria.
Red Hat Image and Operator Certifications are prerequisites to the Certified for IBM Cloud Paks process. IBM scans the running solution in an OpenShift Cloud Platform cluster and runs ~200 linter checks for Kubernetes and container best practices. IBM also reviews aspects of the solution architecture and documentation. Here are examples of the certification requirements that were met by RapidBIZ from VACAVA:
- Data encryption in-flight and at-rest:
- Encrypt all data in transit using TLS 1.2
- Encrypt all data at rest
- Secrets must be stored in an approved service
- Network protection and implementation:
- Only expose required ports/services from each container
- Limit traffic between pods
- Containers do not communicate with the host
- Limit Security Privilege:
- Run with a restricted security context constraint (SCC)
- Provide custom SCC with exact security context
- Provide mechanism to track all components of a workload
- Keys and certificate implementation and management:
- Product should use a Key Management system
- Products must support key rotation
- Allow customer-provided keys
- Ability to replace customer keys
- Use an approved certificate manager
- Products must support certificate rotation
- Must follow best practices for Public Key Infrastructure
- Allow customer-provided certificates
- Ability to replace customer certificates
Want to learn more? Here are some links to get you started:
- RapidBIZ from VACAVA: https://www.ibm.com/us-en/marketplace/rapidbiz
- The "Certified for IBM Cloud Paks" partner ecosystem program: https://www.ibm.com/partnerworld/cloud/independent-software-vendors
- IBM Cloud Paks: https://www.ibm.com/cloud/paks/
Learn how VACAVA can help you. Contact me today.
About VACAVA Inc.
VACAVA's mission is to deliver high-quality, affordable custom applications that allow companies to reengineer their existing processes and operate more efficiently and effectively. VACAVA's solutions are tailored exactly to the needs of the organization, allowing it to work with companies of all sizes, from fledgling ventures to Fortune 500 companies.